Pests of all kinds and their removal: Adware.SpeedingUp virus, ad banners in Firefox (Windows 7)
08.04.2015, 23:15, #1
Adware.SpeedingUp virus, ad banners in Firefox

Hello dear Trojaner-Boarders, this is my third attempt at opening this thread; if I end up typing and copying everything for nothing again, even my very ample patience is slowly running out. First off, I have little to no experience with or knowledge of logfiles and their analysis, so for any help or instructions I ask for very detailed and easy-to-follow steps.

I am plagued by a virus that opens an ad window in a separate tab on every second click. These usually close again after a few seconds (I suspect because of my active AdBlockerPlus); in the address bar I can usually catch "adserv" or "axonan". Occasionally my Avast also steps in and finds threats on these pages, which is why at the moment I am not doing anything online on the PC except hopefully getting help here.

At first I did not recognise the severity of the infection; I merely started deleting programs I did not know and that had been newly installed out of nowhere (it was something like SystemProBoost Pimp up) via the Control Panel. But the popups did not stop; on the contrary, they became more frequent. Resetting Firefox had no effect. In growing desperation I then downloaded a "repairer" called Reimage, which after its scan wanted to be paid before it would fix the problems. It was really stubborn and did not want to be uninstalled easily. At least it showed me that the most harmful virus on my system is a "Variant of Adware.SpeedingUp". There have apparently already been several threads here about this virus, so I am hoping for reliable help. Here is what following the first steps produced:

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:48 on 08/04/2015 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 08-04-2015 22:50:17
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe
() C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PC Utilities Software Limited) C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe
() C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe
() C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Programme\firefox.exe
(Mozilla Corporation) D:\Programme\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(GameRanger Technologies) C:\Users\User\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Users\User\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [Lenovo SplitScreen] => C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe [778592 2010-04-01] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167008 2010-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2012-05-11] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-09] (AVAST Software)
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-27] (Spotify Ltd)
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\MountPoints2: {aa66b0b6-9b5a-11e1-bad3-18f46afcfaa0} - E:\CD_Start.exe
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
CHR HKU\S-1-5-21-1326109875-696039885-1899394854-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58755;https=127.0.0.1:58755
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
URLSearchHook: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDE6A0F4E-9DE7-4DCD-80F8-063D44DE57A8&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-09-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-09-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1326109875-696039885-1899394854-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rfo4snbm.default-1428334381312
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-06-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-05-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2012-06-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Extension: EazyZoom - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rfo4snbm.default-1428334381312\Extensions\ka@thsic.com [2015-04-08]
FF Extension: WEB.DE MailCheck - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rfo4snbm.default-1428334381312\Extensions\toolbar@web.de [2015-04-07]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rfo4snbm.default-1428334381312\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-28]
FF HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-20]
StartMenuInternet: FIREFOX.EXE - D:\Programme\firefox.exe

Chrome:
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.de_
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Quick start) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-22]
CHR HKU\S-1-5-21-1326109875-696039885-1899394854-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\User\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx [2012-07-05]
CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\User\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx [2012-07-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "isazpav" service could not be unlocked. <===== ATTENTION
Locked "jimshle" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-09-08] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-01-12] (Broadcom Corporation.)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-08] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-08] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-08] ()
R3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1383680 2009-07-16] (ATI Technologies Inc.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [26760 2015-04-06] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [26248 2015-04-06] () [File not signed]
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
R3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 uxddrv; \??\E:\DIAGNOSE\WSTGER64\2PART\uxddrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 22:50 - 2015-04-08 22:50 - 00025988 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-08 22:50 - 2015-04-08 22:50 - 00000000 ____D () C:\FRST
2015-04-08 22:49 - 2015-04-08 22:49 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-04-08 22:48 - 2015-04-08 22:48 - 00000470 _____ () C:\Users\User\Downloads\defogger_disable.log
2015-04-08 22:48 - 2015-04-08 22:48 - 00000000 _____ () C:\Users\User\defogger_reenable
2015-04-08 22:47 - 2015-04-08 22:47 - 00050477 _____ () C:\Users\User\Downloads\Defogger.exe
2015-04-08 22:16 - 2015-04-08 22:39 - 00000000 ____D () C:\Program Files\Reimage
2015-04-08 22:14 - 2015-04-08 22:18 - 00000158 _____ () C:\windows\Reimage.ini
2015-04-08 22:14 - 2015-04-08 22:14 - 00768512 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2015-04-08 14:52 - 2015-04-08 14:52 - 00003202 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-1326109875-696039885-1899394854-1000
2015-04-07 16:20 - 2015-04-07 16:20 - 02876419 _____ () C:\windows\shost.bin
2015-04-06 17:33 - 2015-04-06 17:33 - 00000000 ____D () C:\Users\User\Desktop\Alte Firefox-Daten
2015-04-06 17:02 - 2015-04-06 17:02 - 00011076 _____ () C:\Users\User\Downloads\7C54E162B7FD6F2397B5500A18A326FF76ABD07B.torrent
2015-04-06 16:30 - 2015-04-06 16:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software
2015-04-06 16:30 - 2015-04-06 16:31 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software
2015-04-06 16:25 - 2015-04-06 16:31 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-06 16:23 - 2015-04-06 16:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\00000000-1428330225-0000-0000-000000000000
2015-04-06 16:20 - 2015-04-06 16:20 - 00026760 _____ () C:\windows\system32\Drivers\tammgF119.sys
2015-04-06 16:20 - 2015-04-06 16:20 - 00026248 _____ () C:\windows\system32\Drivers\tammgR119.sys
2015-04-06 16:20 - 2015-04-06 16:20 - 00000000 ____D () C:\ProgramData\eazyzoom
2015-04-06 16:16 - 2015-04-06 16:16 - 01537552 _____ (Dummy, Ltd.) C:\Users\User\Downloads\warhammer chaos army book_10924_i50052832_il345.exe
2015-04-04 13:15 - 2015-04-04 13:16 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-04 13:15 - 2015-04-04 13:15 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-03 12:41 - 2015-04-07 10:36 - 00001996 _____ () C:\windows\PFRO.log
2015-04-02 21:07 - 2015-04-02 21:07 - 00034128 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-04-02 20:13 - 2015-04-02 20:13 - 00000000 ____D () C:\ProgramData\482632dc000026a9
2015-04-02 20:11 - 2015-04-02 20:11 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro
2015-04-02 20:10 - 2015-04-02 20:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\dlg
2015-04-02 20:05 - 2015-04-08 21:52 - 00000000 ____D () C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}
2015-04-02 20:05 - 2015-04-02 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Steganos VPN
2015-04-02 20:04 - 2015-04-02 21:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Steganos
2015-04-02 20:04 - 2015-04-02 21:22 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-04-02 20:03 - 2015-04-02 20:03 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-03-31 17:16 - 2015-03-31 17:25 - 146348556 _____ () C:\Users\User\Downloads\Cult Classic Records - Cult Classic Records Present- Friends and Family.zip
2015-03-30 16:05 - 2015-03-30 16:08 - 00000000 ____D () C:\Users\User\Desktop\ebay
2015-03-26 14:43 - 2015-04-08 21:49 - 00002029 _____ () C:\windows\setupact.log
2015-03-26 14:43 - 2015-03-26 14:43 - 00000000 _____ () C:\windows\setuperr.log
2015-03-18 21:50 - 2015-03-18 23:32 - 00016384 _____ () C:\Users\User\Desktop\PrinceKoala.mp4.sfk
2015-03-12 12:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-12 12:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-12 12:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-12 12:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-12 12:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-12 12:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-12 12:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-12 12:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-12 12:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-12 12:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 18:29 - 2015-03-11 18:33 - 132569976 _____ () C:\Users\User\Downloads\WHTW.zip
2015-03-11 16:41 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 16:41 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 16:41 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 16:41 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 16:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 16:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 16:40 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 16:40 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 16:40 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 16:40 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 16:40 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 16:40 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 16:40 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 16:40 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation)
C:\windows\system32\wmploc.DLL 2015-03-11 16:40 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) 
C:\windows\system32\csrsrv.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll 2015-03-11 16:40 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe 2015-03-11 16:40 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe 2015-03-11 16:40 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll 2015-03-11 16:40 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-03-11 16:40 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2015-03-11 16:40 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys 2015-03-11 16:40 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-03-11 16:40 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-03-11 16:40 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\qdvd.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2015-03-11 16:40 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2015-03-11 16:40 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2015-03-11 
16:40 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2015-03-11 16:40 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2015-03-11 16:40 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2015-03-11 16:40 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2015-03-11 16:40 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2015-03-11 16:40 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys 2015-03-11 16:40 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2015-03-11 16:40 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2015-03-11 16:40 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2015-03-11 16:39 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-03-11 16:39 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-03-11 16:39 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-03-11 16:39 - 
2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-03-11 16:39 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-03-11 16:39 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-03-11 16:39 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-03-11 16:39 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-03-11 16:39 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-03-11 16:39 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-03-11 16:39 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-03-11 16:39 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-03-11 16:39 - 2015-03-06 07:09 - 00050176 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-03-11 16:39 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-03-11 16:39 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-03-11 16:39 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-03-11 16:39 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-03-11 16:39 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-03-11 16:39 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-03-11 16:39 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-03-11 16:39 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-03-11 16:39 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-03-11 16:39 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-03-11 16:39 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-03-11 16:39 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-03-11 16:39 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-03-11 16:39 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-03-11 16:39 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-03-11 16:39 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-03-11 16:39 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-03-11 16:39 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwproxystub.dll 2015-03-11 16:39 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-03-11 16:39 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-03-11 16:39 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-03-11 16:39 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-03-11 16:39 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-03-11 16:39 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-03-11 16:39 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-03-11 16:39 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-03-11 16:39 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-03-11 16:39 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-03-11 16:39 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-03-11 16:39 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-03-11 16:39 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 16:39 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-03-11 16:39 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-03-11 16:39 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-03-11 16:39 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-03-11 16:39 - 2015-02-20 04:06 - 00064000 
_____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-03-11 16:39 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-03-11 16:39 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-03-11 16:39 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-03-11 16:39 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-03-11 16:39 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-03-11 16:39 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-03-11 16:39 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-03-11 16:39 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-03-11 16:39 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-03-11 16:39 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-03-11 16:39 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-03-11 16:39 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-03-11 16:39 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 16:39 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-03-11 16:39 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-03-11 16:39 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-03-11 16:39 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-03-11 16:39 - 2015-02-20 03:24 - 00689152 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-03-11 16:39 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-03-11 16:39 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-03-11 16:39 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-03-11 16:39 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-03-11 16:39 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-03-11 16:39 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-03-11 16:39 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2015-03-11 16:39 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2015-03-11 16:39 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2015-03-11 16:39 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll 2015-03-11 16:39 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-03-11 16:39 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll 2015-03-11 16:39 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-03-11 16:39 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll 2015-03-11 16:39 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-03-11 16:39 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll 2015-03-11 16:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll 2015-03-10 23:04 - 2015-03-10 23:04 - 02364621 _____ () 
C:\Users\User\Desktop\taowlogobase.xcf 2015-03-10 12:58 - 2015-03-10 13:33 - 00000000 ____D () C:\Users\User\Desktop\maxworx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-08 22:48 - 2013-06-17 20:53 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-08 22:43 - 2012-05-15 15:28 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2015-04-08 22:40 - 2012-08-15 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2015-04-08 22:28 - 2012-07-04 00:41 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-04-08 22:09 - 2012-05-28 03:13 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-08 22:04 - 2012-05-28 03:13 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-04-08 22:03 - 2012-05-28 03:13 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-04-08 22:03 - 2012-05-16 17:56 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-08 21:58 - 2012-05-11 10:27 - 01094898 _____ () C:\windows\WindowsUpdate.log 2015-04-08 21:56 - 2009-07-14 06:45 - 00027088 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-08 21:56 - 2009-07-14 06:45 - 00027088 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-08 21:52 - 2012-05-11 11:14 - 00000000 ____D () C:\ProgramData\VeriFace 2015-04-08 21:51 - 2013-06-17 20:53 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-08 21:50 - 2012-05-11 11:20 - 09637823 _____ () C:\FaceProv.log 2015-04-08 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-07 19:15 - 2012-05-15 15:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-04-06 17:11 - 2012-10-03 12:16 - 00000000 ____D () 
C:\Users\User\AppData\Roaming\uTorrent 2015-04-06 17:02 - 2012-05-27 11:06 - 00000000 ____D () C:\Users\User\Desktop\Games 2015-04-06 17:01 - 2012-05-15 15:28 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment 2015-04-06 16:31 - 2012-05-11 12:33 - 00001421 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-06 16:06 - 2012-12-24 12:06 - 00000000 ____D () C:\Users\User\Documents\My Games 2015-04-06 14:26 - 2012-05-11 18:11 - 00699682 _____ () C:\windows\system32\perfh007.dat 2015-04-06 14:26 - 2012-05-11 18:11 - 00149790 _____ () C:\windows\system32\perfc007.dat 2015-04-06 14:26 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-05 13:05 - 2012-05-15 15:53 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-03 12:42 - 2009-07-14 06:45 - 00293528 _____ () C:\windows\system32\FNTCACHE.DAT 2015-04-03 01:52 - 2012-05-11 12:33 - 00068376 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-02 21:20 - 2015-03-03 00:49 - 00000000 ____D () C:\Users\User\Desktop\GiMP stuff 2015-04-02 21:07 - 2013-11-30 19:25 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0 2015-04-02 21:07 - 2013-11-30 19:16 - 00000000 ____D () C:\Users\User\.gimp-2.8 2015-04-02 19:50 - 2013-12-20 20:57 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-23 17:12 - 2012-06-07 18:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify 2015-03-23 16:44 - 2012-06-07 18:21 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify 2015-03-20 16:13 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2015-03-18 21:49 - 2012-12-24 22:57 - 00000000 ____D () C:\Users\User\Documents\Vegas Movie Studio HD Platinum 11.0 Projekte 2015-03-18 13:30 - 2013-05-19 18:18 - 00000000 ____D () C:\Users\User\Desktop\alles 2015-03-14 02:46 - 2012-09-26 19:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2015-03-12 22:46 - 2009-07-14 05:20 - 00000000 ____D () 
C:\windows\rescache 2015-03-12 12:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2015-03-12 12:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism ==================== Files in the root of some directories ======= 2013-03-30 17:25 - 2012-10-23 11:59 - 0060816 _____ () C:\Program Files (x86)\EULA.eng 2015-04-02 21:07 - 2015-04-02 21:07 - 0034128 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2012-06-10 10:05 - 2013-10-28 22:22 - 0007595 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\optprosetup.exe C:\Users\User\AppData\Local\Temp\ReimagePackage.exe C:\Users\User\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\User\AppData\Local\Temp\somoto_A Charming Font_1.0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 12:42 ==================== End Of Log ============================ |
08.04.2015, 23:27 | #2 |
| Split up because of excessive length. Also: the infection that Avast usually blocks on such tabs is called: HTML:RedirME-inf [Trj]
Sorry about the file in the attachment, but I'm at a loss as to how I'm supposed to get the other files in here. Copying directly doesn't work, since that would give me six times the maximum allowed number of characters, and for uploading the file is also five times too large (the file I'm talking about is the result of gmer). edit: Here is the link to the mediafire upload of the GMER txt file: hxxp://www.mediafire.com/view/11ibihqco6izv8k/gmer.txt |
09.04.2015, 05:09 | #3 |
/// the machine /// TB-Ausbilder | Adware.SpeedingUp virus ad banners Firefox Hi,
Please always post logs directly in the thread. If necessary, split them and use several posts. I can't open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
|
09.04.2015, 12:40 | #4 |
| Addition.txt FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-08 22:51:10
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtMoney SE v7.41 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.41 - System SoftLab)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 2(TM) Demo (HKLM-x32\...\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}) (Version: - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Castle Story (HKLM-x32\...\Steam App 227860) (Version: - Sauropod Studio)
ccc-core-static (x32 Version: 2010.0505.2241.38914 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.5 - Anvisoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
DVD Architect Studio 5.0 (HKLM-x32\...\{04DF4A51-DE2A-11E0-9AB5-F04DA23A5C58}) (Version: 5.0.156 - Sony)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.8.9.0 - DVDVideoSoftTB DE)
eazyzoom (HKLM-x32\...\{14803CA5-4974-4A33-82BC-3A2262F3A65A}) (Version: 1.1.0.30 - eazyzoom)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
GameRanger (HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\GameRanger) (Version: - GameRanger Technologies)
GeekBuddy (HKLM-x32\...\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}) (Version: 4.9.73 - Comodo Security Solutions Inc)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hybrid TV (HKLM\...\{CF29845C-705E-4450-A3FF-1D4754455AB9}) (Version: 6.14.10373 - Lenovo)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.108 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.108 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1200 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.2 - Suyin Optronics Corp.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.22 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Lenovo SplitScreen (HKLM-x32\...\Lenovo SplitScreen) (Version: 1.00.1529.0001 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Logitech Gaming Software 8.30 (HKLM\...\Logitech Gaming Software) (Version: 8.30.86 - Logitech Inc.)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.00.0000 - SEGA) MegaTrainer eXperience V1.1.4.8 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Firefox 37.0.1 (x86 de) 
(HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.) Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version: - Oxelon) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform) Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly) Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version: - The Creative Assembly) Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0AA0DA00-A1D3-11E0-B9A9-005056C00008}) (Version: 10.0.176 - Sony) Spotify (HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB) Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com) Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) supra DateSet (HKLM-x32\...\{F6BA8F2A-9DA9-49DA-BD57-9D45DA73FD74}) (Version: 1.1.0.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.19.1 - Synaptics Incorporated) TeamSpeak 3 Client (HKU\S-1-5-21-1326109875-696039885-1899394854-1000\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH) Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{7ED73E5E-7F67-11E1-9898-F04DA23A5C58}) (Version: 11.0.322 - Sony) VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.1211 - Lenovo) VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions) VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH) Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416) (HKLM\...\DFEA59689C004DFD0378309F3A583EA32D78A1B3) (Version: 01/06/2010 6.2.0.9416 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA (07/16/2009 6.14.10.373) 
(HKLM\...\DF9F23E360B18E10871A49C3BC1AEDA269B8E0E2) (Version: 07/16/2009 6.14.10.373 - YUAN High-Tech Development Co., Ltd) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WSOP.com (HKLM-x32\...\WSOP.com) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1326109875-696039885-1899394854-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1326109875-696039885-1899394854-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1326109875-696039885-1899394854-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1326109875-696039885-1899394854-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1326109875-696039885-1899394854-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> No File Path ==================== Restore Points ========================= 05-04-2015 00:16:15 Geplanter Prüfpunkt 06-04-2015 14:26:30 Windows-Sicherung 07-04-2015 11:42:46 Wiederherstellungsvorgang 08-04-2015 22:39:59 Removed Google Talk Plugin ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {019C4EE4-8602-443B-B7F7-9BB84811FF50} - System32\Tasks\{7F83CC93-BB73-45BD-A64E-305A81C59F66} => pcalua.exe -a C:\Users\User\Downloads\WSOPOnline.exe -d C:\Users\User\Downloads Task: {03E721F7-18D4-4820-B24E-A371781C8942} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {11C9932B-AE16-4357-88FB-AAD977D7934A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-08] (AVAST Software) Task: {1746E1E2-95D9-4AC5-B87B-06D15D0040FD} - System32\Tasks\avastBCLRestartS-1-5-21-1326109875-696039885-1899394854-1000 => Firefox.exe Task: {2C0FF014-B70C-4453-BBF7-8130A039A476} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd) Task: {4A459AA6-AC6F-46C1-B353-05CB02B3408D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {5978DAA9-5B2F-4345-A9A2-00C1FAA537F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {5BF0B4AB-CF15-48B7-AC1A-3CE2E920C046} - System32\Tasks\{8F48537E-E013-4CC4-AA52-92991BB1A788} => C:\Program Files (x86)\Steam\Steam.exe [2015-03-24] (Valve Corporation) Task: {91C85EE1-62B1-491C-B629-30FFC9207324} - System32\Tasks\{1FC9BAE6-FD94-41AE-9235-315F0D85462D} => C:\Program Files (x86)\The Creative Assembly\Rome - Total War\RomeTW.exe Task: {959A8A3E-DBB8-4081-9AD6-9E004666C874} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-08] (Adobe Systems Incorporated) Task: {972B1CE5-8C1B-453F-8A53-6A814FAA8509} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.) 
Task: {9A6D414B-6110-457F-88C2-3CE15858FB0B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {9DF028DD-3CBC-4720-9362-EB3523350DB7} - System32\Tasks\{59AF354B-FA4C-4185-9BF8-3DD687F9A553} => C:\Program Files (x86)\Steam\Steam.exe [2015-03-24] (Valve Corporation) Task: {AB8B5C03-329D-481A-91A0-40F377C76CEB} - System32\Tasks\{0D6163AB-BEEA-42F2-8C72-CE97D4D97549} => C:\Program Files (x86)\Sony Vegas Movie Studio\Vegas Movie Studio HD Platinum 11.0\VegasMovieStudioPE110.exe [2012-04-05] (Sony Creative Software Inc.) Task: {AFE5FDC8-FBFB-4FA4-8950-43FDBD044922} - System32\Tasks\{8E905D90-C6AB-42B3-B093-C33BF54BD2B0} => pcalua.exe -a "C:\Program Files (x86)\GameSpy Arcade\Aphex.exe" -d C:\PROGRA~2\GAMESP~1 Task: {CCA14B64-7DB2-423B-93BC-08CCE6D376F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.) Task: {F1EAA952-31FE-45F2-8D1E-557F15A93D9B} - System32\Tasks\{6BFF4D1A-FE9C-4AA9-A351-E0EFA5C50DF5} => C:\Users\User\Desktop\Games\age 2\age2_x1.exe [2000-08-08] (Microsoft Corporation) Task: {FFADDA8D-6D23-4814-B84E-19F25D8673A2} - System32\Tasks\{C20ACD1A-3F8F-40B7-B054-E71BAB166859} => pcalua.exe -a "C:\Users\User\Desktop\Games\age 2\Setupreg.exe" -d "C:\Users\User\Desktop\Games\age 2" Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-05-11 11:03 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2012-05-11 11:03 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey 
Theater\WindowsApiHookDll64.dll 2012-05-11 11:14 - 2012-05-11 11:14 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2013-08-05 08:15 - 2013-08-05 08:15 - 00070712 _____ () C:\windows\system32\bdmpega64.acm 2010-01-12 18:15 - 2010-01-12 18:15 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 2012-05-11 11:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2012-05-11 11:03 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2012-05-11 11:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-05-21 12:59 - 2008-05-21 12:59 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-11 10:44 - 2012-05-11 10:44 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-04-08 22:47 - 2015-04-08 22:47 - 00050477 _____ () C:\Users\User\Downloads\Defogger.exe 2014-09-08 17:03 - 2014-09-08 17:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2015-04-08 15:06 - 2015-04-08 15:06 - 02925056 _____ () C:\Program Files\AVAST Software\Avast\defs\15040801\algo.dll 2015-04-08 21:54 - 2015-04-08 21:54 - 02925056 _____ () C:\Program Files\AVAST Software\Avast\defs\15040802\algo.dll 2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-05-11 11:03 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2012-05-11 11:03 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2012-05-11 11:14 - 2012-05-11 11:14 - 00492896 
_____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll 2014-09-08 17:03 - 2014-09-08 17:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-05-11 10:36 - 2009-11-20 17:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-02-04 23:09 - 2015-02-04 23:09 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll 2012-12-07 16:16 - 2012-12-07 16:16 - 22224096 _____ () C:\Users\User\AppData\Roaming\GameRanger\GameRanger Prefs\Components\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1326109875-696039885-1899394854-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CLPSLauncher => 2 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1326109875-696039885-1899394854-500 - Administrator - Disabled) Gast (S-1-5-21-1326109875-696039885-1899394854-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1326109875-696039885-1899394854-1002 - Limited - Enabled) User (S-1-5-21-1326109875-696039885-1899394854-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service jimshle since QueryServiceConfig API failed System Error: Zugriff verweigert . Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service isazpav since QueryServiceConfig API failed System Error: Zugriff verweigert . Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert . Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Zugriff verweigert . 
Error: (04/08/2015 02:52:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.1.5570, Zeitstempel: 0x551e23ee Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.1.5570, Zeitstempel: 0x551e1536 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0xda0 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (04/07/2015 00:37:07 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x80070057. Error: (04/07/2015 00:22:29 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Wiederherstellungsvorgang). Zusätzliche Informationen: 0x80070057. Error: (04/07/2015 00:13:23 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x80070057. Error: (04/07/2015 00:01:11 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070057. Error: (04/07/2015 11:42:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service jimshle since QueryServiceConfig API failed System Error: Zugriff verweigert . 
System errors: ============= Error: (04/08/2015 09:54:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/08/2015 09:51:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD Error: (04/08/2015 11:00:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/08/2015 10:57:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD Error: (04/08/2015 10:56:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Search Protect by Conduit Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/08/2015 10:50:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/08/2015 10:48:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD Error: (04/07/2015 07:55:42 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{1E289F5C-2B70-48AE-BC49-3CD6168DF27C}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (04/07/2015 07:31:46 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTIN-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1E289F5C-2B70-48AE-BC49-3CD6168DF27C}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (04/07/2015 00:43:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service jimshle since QueryServiceConfig API failed System Error: Zugriff verweigert Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service isazpav since QueryServiceConfig API failed System Error: Zugriff verweigert Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert Error: (04/08/2015 10:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. 
System Error:
Zugriff verweigert

Error: (04/08/2015 02:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1da001d071f5e0a77d7fD:\Programme\plugin-container.exeD:\Programme\mozalloc.dll0cf797a7-ddee-11e4-b7a7-e89a8fd864ed

Error: (04/07/2015 00:37:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows-Sicherung0x80070057

Error: (04/07/2015 00:22:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Wiederherstellungsvorgang0x80070057

Error: (04/07/2015 00:13:23 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows-Sicherung0x80070057

Error: (04/07/2015 00:01:11 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Geplanter Prüfpunkt0x80070057

Error: (04/07/2015 11:42:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service jimshle since QueryServiceConfig API failed

System Error:
Zugriff verweigert

CodeIntegrity Errors:
===================================
  Date: 2015-04-07 19:59:50.679
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 19:15:51.459
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 13:52:45.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 13:09:15.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-05 11:46:56.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-04 00:20:31.755
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-03 01:25:18.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-03 00:19:41.020
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-02 21:34:43.129
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-02 16:23:42.701
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 37%
Total physical RAM: 8124.56 MB
Available physical RAM: 5103.86 MB
Total Pagefile: 16247.31 MB
Available Pagefile: 12890.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:140.48 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:24.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BB2F74B2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================ |
09.04.2015, 12:44 | #5 |
| gmer1 Code:
C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 
0000000077900380 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000100070460 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 
00000000777a1510 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000100070470 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000100070320 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000100070390 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000100070310 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000100070230 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\lsm.exe[808] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000100070250 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000100070490 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\lsm.exe[808] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text 
C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\svchost.exe[908] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 
00000000779002a0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore |
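Added note on the records above (not part of the poster's log, and not from GMER or any product named in the thread): each `.text <process>[pid] <module>!<export> <addr> 5 bytes JMP <target>` line is GMER's way of reporting that the first five bytes of an ntdll export inside that process have been overwritten with a jump to an address outside ntdll. The same set of Nt* exports (process and thread creation, NtWriteVirtualMemory, NtOpenProcess, NtTerminateProcess, NtLoadDriver, NtShutdownSystem, NtSetSystemPowerState, boot-entry and debug calls) is patched in every listed process, and within each process every jump lands in one page (0x77900000 in most processes, 0x100070000 in lsm.exe and svchost.exe[672]). That is the footprint of a single hooking library loaded into each process and guarding the calls a self-protection feature cares about; the poster reports Avast as installed, but the log alone does not prove which product owns the hooks, so that attribution stays an assumption. The `kernel32.dll!GetBinaryTypeW + 189 ... 1 byte [62]` entries are single-byte inline patches rather than jumps and are listed separately by the parser below. The Python helper is an added example that parses such records (also across the forum's line wraps), groups them per PID, flags any JMP whose target page no other hook shares, and reconstructs the E9 rel32 bytes an analyst would expect to find at the patched address so they can be compared against a memory dump. The sample text is an excerpt of the log above plus one constructed record (notepad.exe, pid 9999, target 0x12340000) to exercise the outlier check.

```python
"""Summarise GMER '.text' user-mode hook records per process.

Added helper for reading logs like the one in this thread; it is not part of GMER
or of any product named in the thread.
"""
import re
from collections import defaultdict

# One record: .text <process>[<pid>] <module>!<export>[ + <offset>] <addr> <n> byte(s) JMP <target> | [<byte>]
HOOK_RE = re.compile(
    r"\.text\s+(?P<process>\S+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<symbol>\S+?)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+"
    r"(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<byte>[0-9a-fA-F]{2})\])"
)

PAGE_MASK = ~0xFFF  # 4 KiB page containing a JMP target

# Excerpt of records from the GMER log in this thread, plus one CONSTRUCTED record
# (notepad.exe, pid 9999, target 0x12340000) that no other hook shares a page with.
SAMPLE_LOG = r"""
.text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\lsass.exe[800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP
00000000779003d0 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsm.exe[808] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\services.exe[784] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\notepad.exe[9999] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000012340000
"""


def parse_hooks(text):
    """Return one dict per record. Newlines are collapsed first because the forum wraps
    records mid-field (e.g. 'JMP' at the end of one line, the target on the next)."""
    hooks = []
    for m in HOOK_RE.finditer(" ".join(text.split())):
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["offset"] = int(d["offset"]) if d["offset"] else 0
        d["addr"] = int(d["addr"], 16)
        d["size"] = int(d["size"])
        d["target"] = int(d["target"], 16) if d["target"] else None
        hooks.append(d)
    return hooks


def summarise(hooks):
    """Per PID: process path, patched exports, pages the JMPs land in, and how many
    records are inline byte patches rather than JMPs."""
    out = {}
    for h in hooks:
        s = out.setdefault(h["pid"], {"process": h["process"], "symbols": set(),
                                      "target_pages": set(), "inline_patches": 0})
        s["symbols"].add(h["symbol"])
        if h["target"] is None:
            s["inline_patches"] += 1
        else:
            s["target_pages"].add(h["target"] & PAGE_MASK)
    return out


def find_outliers(hooks, min_shared=2):
    """JMP hooks whose target page is shared by fewer than `min_shared` hooks in the log.
    A hooking library redirects dozens of exports into the same page or two, so a lone
    JMP to a page nothing else uses is the record to examine first."""
    per_page = defaultdict(int)
    for h in hooks:
        if h["target"] is not None:
            per_page[h["target"] & PAGE_MASK] += 1
    return [h for h in hooks
            if h["target"] is not None and per_page[h["target"] & PAGE_MASK] < min_shared]


def rel32_patch(addr, target, size=5):
    """Expected bytes of a direct E9 rel32 JMP at `addr` to `target`, for comparison with a
    memory dump. Returns None when the patch is not 5 bytes or the target lies outside the
    +/-2 GiB reach of rel32 (as for the 0x100070000 targets in this log); GMER is then
    assumed to report the final destination reached via an intermediate stub, which is an
    assumption about GMER's output, not something documented in the thread."""
    if size != 5:
        return None
    disp = target - (addr + 5)
    if not -0x8000_0000 <= disp <= 0x7FFF_FFFF:
        return None
    return b"\xE9" + disp.to_bytes(4, "little", signed=True)


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for pid, s in sorted(summarise(hooks).items()):
        pages = ", ".join(f"{p:#x}" for p in sorted(s["target_pages"]))
        print(f"{pid:>5} {s['process']}: {len(s['symbols'])} exports, "
              f"JMP pages [{pages}], inline patches {s['inline_patches']}")
    for h in find_outliers(hooks):
        print(f"outlier: pid {h['pid']} {h['symbol']} -> {h['target']:#x}")
```

Run against the full log (paste all posts into one file) rather than this excerpt; on the complete listing every process should show a single target page and the outlier list should stay empty, and any record that breaks that pattern is the one to look up by address.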
09.04.2015, 12:46 | #6 |
| gmer 2 Code:
ATTFilter 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\svchost.exe[908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text 
C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\svchost.exe[1000] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text 
C:\windows\system32\svchost.exe[1000] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\svchost.exe[1000] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\atiesrxx.exe[536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 
00000000779003c0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\System32\svchost.exe[616] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\System32\svchost.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 
00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text 
C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 |
09.04.2015, 12:47 | #7 |
| gmer 3 Code:
C:\windows\syswow64\kernel32.dll .text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2944] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] 
C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\SearchIndexer.exe[3544] 
C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text 
C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text 
C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 
0000000077900290 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 
0000000077900340 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 
bytes JMP 000007fffd810038 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000100070460 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000100070450 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000100070370 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000100070470 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001000703e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000100070320 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000100070390 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001000702e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001000702d0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000100070310 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001000703c0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001000703f0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000100070230 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000100070480 .text 
C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001000703a0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001000702f0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000100070350 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000100070290 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001000702b0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001000703d0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000100070330 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000100070410 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000100070240 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001000701e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000100070250 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000100070490 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001000704a0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000100070300 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000100070360 .text C:\windows\Explorer.EXE[3732] 
09.04.2015, 12:49 | #8 |
| gmer 4 Code:
.text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 
bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 
00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd7f00b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd7f0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb1da38c 5 bytes JMP 000007fefd7f02b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb1f4b60 5 bytes JMP 
000007fefd7f0238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb1f4ba0 5 bytes JMP 000007fefd7f01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd7f0138 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] 
C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 
5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files 
(x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd7f00b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd7f0038 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program 
|
09.04.2015, 12:51 | #9 |
| gmer 5 Code:
Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files 
(x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Lenovo 
MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Lenovo 
MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4888] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 
00000000779003e0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program 
Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\System32\svchost.exe[5104] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text 
C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] 
09.04.2015, 12:54 | #10 |
gmer 6 Code:
00000000779002a0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\iPod\bin\iPodService.exe[5620] 
C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\iPod\bin\iPodService.exe[1768] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 00000001002a0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 00000001002a0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 00000001002a0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 00000001002a0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001002a03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 00000001002a0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001002a03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 00000001002a0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001002a02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001002a02d0 .text C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 00000001002a0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001002a03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001002a03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 00000001002a0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 00000001002a0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001002a03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001002a02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 00000001002a0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 00000001002a0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001002a02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001002a03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 00000001002a0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 00000001002a0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 00000001002a0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001002a01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 00000001002a0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 00000001002a0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001002a04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 00000001002a0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 00000001002a0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001002a02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001002a02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 00000001002a0380 
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 00000001002a0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 00000001002a0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 00000001002a0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 00000001002a0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 00000001002a0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001002a01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 00000001002a0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 00000001002a0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 00000001002a0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 00000001002a0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] 
C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 00000001002a0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text 
C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 
0000000077900250 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4252] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5336] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text 
C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\wuauclt.exe[1792] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 
bytes JMP 00000000779002a0
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore  00000000777a2290 5 bytes JMP 00000000779002c0
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread  00000000777a22c0 5 bytes JMP 0000000077900380
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer  00000000777a22d0 5 bytes JMP 0000000077900340
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx  00000000777a25c0 5 bytes JMP 0000000077900440
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder  00000000777a27c0 5 bytes JMP 0000000077900260
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions  00000000777a27d0 5 bytes JMP 0000000077900270
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread  00000000777a27e0 5 bytes JMP 0000000077900400
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation  00000000777a29a0 5 bytes JMP 00000000779001f0
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState  00000000777a29b0 5 bytes JMP 0000000077900210
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem  00000000777a2a20 5 bytes JMP 0000000077900200
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess  00000000777a2a80 5 bytes JMP 0000000077900420
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread  00000000777a2a90 5 bytes JMP 0000000077900430
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl  00000000777a2aa0 5 bytes JMP 0000000077900220
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl  00000000777a2b80 5 bytes JMP 0000000077900280
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\kernel32.dll!LoadLibraryW  0000000077546440 5 bytes JMP 0000000169ff0038
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189  000000007758ef8d 1 byte [62]
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd828ef0 5 bytes JMP 000007fffd8100b8
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA  000007fefd82bfd0 5 bytes JMP 000007fffd810038
.text  C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\ole32.dll!CoCreateInstance  000007fefea37490 5 bytes JMP 000007fffd810138
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007722a2fd 1 byte [62]
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text  C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4700:4476]  000007fef6da2bf8

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\taskhost.exe [1936](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe [2868]  0000000000400000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe [2908]  00000000003c0000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\Dwm.exe [3724](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [3732](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3768](2015-04-06 12:0  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3792](2015-04-06 12:05:  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3948](2015-04-06 12:05:28  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [3940](2015-04-06 12:0  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [3428](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4100](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe [4152](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [4228](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [4356](2015-04-06 12  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Logitech Gaming Software\LCore.exe [4388](2015-04  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4548](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [4584](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [4660](201  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [4780](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [4888](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [4952](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4960](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [4272](2015-04  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe [4332](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [4652](2015-04-0  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2900](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2852](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [2520](2015-04-06 12:05:  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe [5932]  000000013fb50000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe [5932](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe [4372]  0000000000ba0000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe [4372](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768]  0000000001330000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhrydacu.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768]  00000000656f0000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768](2015-04-06 12:05:52)  0000000065770000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5528](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\wbem\unsecapp.exe [3048](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\wuauclt.exe [1792](2015-04-06 12:05:28)  000007feed820000
Library  C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Users\User\Downloads\Gmer-19357.exe [6268](2015-04-06 12:05:52)  0000000065770000

---- Services - GMER 2.1 ----

Service  C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe (*** hidden *** )  [AUTO] isazpav  <-- ROOTKIT !!!
Service  C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe (*** hidden *** )  [AUTO] jimshle  <-- ROOTKIT !!!
Service  C:\windows\system32\Drivers\tammgF119.sys (*** hidden *** )  [SYSTEM] tammgF119  <-- ROOTKIT !!!
Service  C:\windows\system32\Drivers\tammgR119.sys (*** hidden *** )  [SYSTEM] tammgR119  <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys@  Driver
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys@  Driver
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys@  Driver
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys@  Driver
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46afcfaa0
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@Type  16
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@ImagePath  "C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe" -scm
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@DisplayName  isazpav
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@WOW64  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\services\isazpav
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@Type  16
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@ImagePath  "C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe" /ts2=1
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@DisplayName  jimshle
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@WOW64  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\services\jimshle
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Type  2
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ImagePath  \??\C:\windows\system32\Drivers\tammgF119.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DisplayName  tammgF119 service
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Group  FSFilter Activity Monitor
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DependOnService  FltMgr?
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119@WOW64  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances@DefaultInstance  tammgF119 Instance
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Altitude  370034
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgF119
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Start  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ErrorControl  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ImagePath  \??\C:\windows\system32\Drivers\tammgR119.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@DisplayName  tammgR119 service
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119@WOW64  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\tammgR119
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46afcfaa0 (not active ControlSet)

---- EOF - GMER 2.1 ----
09.04.2015, 18:01 | #11
/// the machine /// TB instructor | hi, scan with Combofix
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
09.04.2015, 18:44 | #12
Hello Schrauber, I don't even get as far as running it, because the file apparently gets damaged while downloading (?). When I click the link, Avast reports after it finishes that an infection via this link has just been blocked. After the download I disabled Avast as instructed, but the file could no longer be started for the reason mentioned above. Should I now disable Avast before the download? Or would I actually be letting a virus into my system that way? Regards, Pauskar
10.04.2015, 07:58 | #13
/// the machine /// TB instructor | Disable Avast beforehand, yes
__________________
regards, schrauber
10.04.2015, 13:59 | #14
combofix

Code:
ComboFix 15-04-09.01 - User 10.04.2015  14:20:34.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8125.5421 [GMT 2:00]
ausgeführt von:: c:\users\User\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\systweak\ssd\SSDPTstub.exe
c:\windows\s.bat
c:\windows\shost.bin
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-10 bis 2015-04-10 ))))))))))))))))))))))))))))))
.
.
2015-04-10 12:38 . 2015-04-10 12:38  --------  d-----w-  c:\users\Default\AppData\Local\temp
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-----w-  c:\program files (x86)\MyPCBU
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-sh--w-  c:\users\User\AppData\Local\EmieUserList
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-sh--w-  c:\users\User\AppData\Local\EmieSiteList
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-sh--w-  c:\users\User\AppData\Local\EmieBrowserModeList
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-----w-  c:\users\User\AppData\Roaming\moters
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-----w-  c:\programdata\LolliScan
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-----w-  c:\users\User\AppData\Roaming\lection
2015-04-10 00:43 . 2015-04-10 12:11  --------  d-----w-  c:\users\User\AppData\Local\mbot_de_589
2015-04-10 00:43 . 2015-04-10 00:43  --------  d-----w-  c:\program files (x86)\mbot_de_589
2015-04-10 00:42 . 2015-04-10 00:42  --------  d-----w-  c:\program files (x86)\WindowsScan
2015-04-10 00:42 . 2015-04-10 00:42  --------  d-----w-  c:\program files (x86)\app_setup
2015-04-10 00:41 . 2015-04-10 00:41  --------  d-----w-  c:\program files (x86)\Win_Scan
2015-04-09 15:34 . 2015-04-09 15:34  364472  ----a-w-  c:\windows\system32\aswBoot.exe
2015-04-09 15:34 . 2015-04-09 15:34  43112  ----a-w-  c:\windows\avastSS.scr
2015-04-09 15:33 . 2015-04-09 15:33  449896  ----a-w-  c:\windows\system32\drivers\aswNdisFlt.sys
2015-04-09 15:30 . 2015-04-09 15:30  --------  d-----w-  c:\users\User\Tracing
2015-04-08 22:04 . 2015-04-08 22:04  --------  d-----w-  c:\program files (x86)\Common Files\Java
2015-04-08 20:50 . 2015-04-08 20:51  --------  d-----w-  C:\FRST
2015-04-06 14:30 . 2015-04-06 14:31  --------  d-----w-  c:\users\User\AppData\Local\Opera Software
2015-04-06 14:30 . 2015-04-06 14:31  --------  d-----w-  c:\users\User\AppData\Roaming\Opera Software
2015-04-06 14:25 . 2015-04-06 14:31  --------  d-----w-  c:\program files (x86)\Opera
2015-04-06 14:23 . 2015-04-06 14:25  --------  d-----w-  c:\users\User\AppData\Roaming\00000000-1428330225-0000-0000-000000000000
2015-04-04 11:15 . 2015-04-04 11:16  --------  d-s---w-  c:\windows\system32\GWX
2015-04-04 11:15 . 2015-04-04 11:15  --------  d-s---w-  c:\windows\SysWow64\GWX
2015-04-03 10:49 . 2015-03-14 10:02  12002392  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{202C22E6-6BFA-4EFA-8FC5-52EBC7AC4D64}\mpengine.dll
2015-04-02 18:13 . 2015-04-02 18:13  --------  d-----w-  c:\programdata\482632dc000026a9
2015-04-02 18:10 . 2015-04-02 18:10  --------  d-----w-  c:\users\User\AppData\Roaming\dlg
2015-04-02 18:05 . 2015-04-08 19:52  --------  d-----w-  c:\programdata\{559aac06-3e54-c069-559a-aac063e5b018}
2015-04-02 18:05 . 2015-04-02 19:20  --------  d-----w-  c:\users\User\AppData\Roaming\Steganos VPN
2015-04-02 18:04 . 2015-04-02 19:22  --------  d-----w-  c:\users\User\AppData\Roaming\Steganos
2015-04-02 18:04 . 2015-04-02 18:04  --------  d-----w-  c:\program files (x86)\Common Files\Steganos
2015-04-02 18:04 . 2015-04-02 19:22  --------  d-----w-  c:\program files (x86)\OkayFreedom
2015-04-02 18:03 . 2015-04-02 18:03  --------  d-----w-  c:\program files (x86)\WEB.DE MailCheck
2015-03-12 10:59 . 2015-02-20 04:41  41984  ----a-w-  c:\windows\system32\lpk.dll
2015-03-12 10:59 . 2015-02-20 04:40  100864  ----a-w-  c:\windows\system32\fontsub.dll
2015-03-12 10:59 . 2015-02-20 04:40  14336  ----a-w-  c:\windows\system32\dciman32.dll
2015-03-12 10:59 . 2015-02-20 04:40  46080  ----a-w-  c:\windows\system32\atmlib.dll
2015-03-12 10:59 . 2015-02-20 04:13  70656  ----a-w-  c:\windows\SysWow64\fontsub.dll
2015-03-12 10:59 . 2015-02-20 04:13  10240  ----a-w-  c:\windows\SysWow64\dciman32.dll
2015-03-12 10:59 . 2015-02-20 04:13  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll
2015-03-12 10:59 . 2015-02-20 04:12  25600  ----a-w-  c:\windows\SysWow64\lpk.dll
2015-03-12 10:59 . 2015-02-20 03:29  372224  ----a-w-  c:\windows\system32\atmfd.dll
2015-03-12 10:59 . 2015-02-20 03:09  299008  ----a-w-  c:\windows\SysWow64\atmfd.dll
2015-03-11 16:39 . 2015-03-11 16:39  --------  d-----w-  c:\program files (x86)\The Creative Assembly
2015-03-11 14:41 . 2015-02-03 03:30  1202176  ----a-w-  c:\windows\system32\drmv2clt.dll
2015-03-11 14:41 . 2015-02-03 03:30  842240  ----a-w-  c:\windows\system32\blackbox.dll
2015-03-11 14:41 . 2015-02-03 03:12  744960  ----a-w-  c:\windows\SysWow64\blackbox.dll
2015-03-11 14:41 . 2015-02-03 03:12  988160  ----a-w-  c:\windows\SysWow64\drmv2clt.dll
2015-03-11 14:41 . 2015-02-03 03:31  14632960  ----a-w-  c:\windows\system32\wmp.dll
2015-03-11 14:41 . 2015-02-03 03:31  782848  ----a-w-  c:\windows\system32\wmdrmsdk.dll
2015-03-11 14:39 . 2015-02-03 03:31  215552  ----a-w-  c:\windows\system32\ubpm.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-09 15:34 . 2014-09-08 15:04  136752  ----a-w-  c:\windows\system32\drivers\aswStm.sys
2015-04-09 15:34 . 2014-09-08 15:04  29168  ----a-w-  c:\windows\system32\drivers\aswHwid.sys
2015-04-09 15:34 . 2013-06-17 18:53  65736  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2015-04-09 15:34 . 2013-06-17 18:53  271200  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2015-04-09 15:34 . 2012-05-28 01:51  442264  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2015-04-09 15:34 . 2012-05-28 01:51  93528  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2015-04-09 15:34 . 2012-05-28 01:51  88408  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2015-04-09 15:34 . 2012-05-28 08:38  28144  ----a-w-  c:\windows\system32\drivers\aswKbd.sys
2015-04-09 15:34 . 2012-05-28 01:51  1047320  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2015-04-08 22:04 . 2015-03-02 17:40  98216  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-08 20:03 . 2012-05-28 01:13  778928  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-08 20:03 . 2012-05-16 15:56  142512  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-24 02:17 . 2012-07-08 11:25  295552  ------w-  c:\windows\system32\MpSigStub.exe
2015-02-04 03:16 . 2015-02-11 15:26  609280  ----a-w-  c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 15:26  762368  ----a-w-  c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 15:26  414720  ----a-w-  c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 15:26  894976  ----a-w-  c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 15:26  227328  ----a-w-  c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 15:26  192000  ----a-w-  c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 15:26  1098752  ----a-w-  c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 15:26  1239720  ----a-w-  c:\windows\system32\aitstatic.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-26 1245752]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-03-30 809288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 98304]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~2\MuteSync.exe" [2009-12-28 336384]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-04-01 778592]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-02-03 167008]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-05-11 3122528]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-11 2327248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-09 5512912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
"mbot_de_589"="c:\program files (x86)\mbot_de_589\mbot_de_589.exe" [2015-04-07 3985040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upmbot_de_589.exe"="c:\users\User\AppData\Local\mbot_de_589\upmbot_de_589.exe" [2015-04-07 3309712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hqghumeaylnlf.lnk - c:\programdata\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe /startup [2014-4-2 6382032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-1-12 1082656]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-10-11 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x]
R4 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 isazpav;isazpav;isazpav [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs  REG_MULTI_SZ  ReadyComm.DirectRouter PS_MDP
<NO NAME>  REG_SZ
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-02 17:49  1061704  ----a-w-  c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 20:03]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 18:53]
.
2015-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 18:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-09 15:34  722400  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-11 09:14  1502720  ----a-w-  c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-23 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-23 2040352]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = about:blank
mLocal Page = about:blank
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rfo4snbm.default-1428334381312\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
Toolbar-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Wow6432Node-HKCU-Run-DriverUpdaterPro - c:\program files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynBtnAsst - c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe
AddRemove-{14803CA5-4974-4A33-82BC-3A2262F3A65A} - c:\programdata\eazyzoom\1.1.0.30\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isazpav]
"ImagePath"="\"c:\programdata\eazyzoom\1.1.0.30\jhrywac.exe\" -scm"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jimshle]
"ImagePath"="\"c:\programdata\eazyzoom\1.1.0.30\jhryaac.exe\" /ts2=1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tammgF119]
"ImagePath"="\??\c:\windows\system32\Drivers\tammgF119.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tammgR119]
"ImagePath"="\??\c:\windows\system32\Drivers\tammgR119.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-10 14:41:20
ComboFix-quarantined-files.txt 2015-04-10 12:41
.
Vor Suchlauf: 13 Verzeichnis(se), 155.069.243.392 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 154.500.153.344 Bytes frei
.
- - End Of File - - EF34E96B934D5BF624496592408923A9

One more thing that might help: in my folder C:Program Data there is a hidden folder named Easyzoom, from which Avast has already blocked threats several times. I myself cannot access this folder at all, let alone delete it, because I get the error message 'Falscher Parameter' ("incorrect parameter"). Regards, Pauskar |
11.04.2015, 07:15 | #15 |
/// the machine /// TB-Ausbilder | Adware.SpeedingUp Virus Werbebanner Firefox Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |